package com.itclass.auth.handler;

import com.itclass.auth.repository.RedisSecurityContextRepository;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContext;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.web.authentication.logout.LogoutHandler;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

/**
 * redis 退出登录处理器
 */
public class RedisLogoutHandler implements LogoutHandler {

    private RedisSecurityContextRepository redisSecurityContextRepository;

    public RedisLogoutHandler(RedisSecurityContextRepository redisSecurityContextRepository) {
        this.redisSecurityContextRepository = redisSecurityContextRepository;
    }

    @Override
    public void logout(HttpServletRequest request, HttpServletResponse response, Authentication authentication) {
        SecurityContext context = SecurityContextHolder.getContext();
        // 删除当前线程认证信息
        SecurityContextHolder.clearContext();
        context.setAuthentication(null);
        // 删除redis缓存 认证信息
        redisSecurityContextRepository.removeContext(request,response);
    }
}
